Analytics Alerts

Browse the Cortex analytics alert reference.

Severity
Detection module
Data source

1 alert match the current filters. tactic: TA0005 ✕ technique: T1553 ✕

Show ATT&CK heatmap
  • Rare signature signed executable executed in the network Informational 4 variations

    Attackers may use signed executables by less known vendors to bypass security features.

    Activation:
    14 Days
    Training:
    30 Days
    Test:
    N/A (single event)
    Deduplication:
    30 Days
    ATT&CK tactics: Defense Evasion (TA0005)
    ATT&CK techniques: Subvert Trust Controls: Code Signing (T1553.002)
    Required data: XDR Agent
    Attacker's goals: Adversaries may use signed binaries to bypass security features.
    Investigative actions: Check if this is legitimate software installed by a legitimate user and intentionally.

    Variations

    Rare signature signed forensic tool remotely executed in the network

    Medium overridden

    Attackers may use signed executables by less known vendors to bypass security features. overridden

    Rare signature signed forensic tool executed in the network

    Low overridden

    Attackers may use signed executables by less known vendors to bypass security features. overridden

    Rare signature signed executable extracted from an internet-downloaded archive and executed in the network

    Low overridden

    Attackers may use signed executables by less known vendors to bypass security features. overridden

    Rare signature signed executable downloaded from an uncommon source and executed in the network

    Low overridden

    Attackers may use signed executables by less known vendors to bypass security features. overridden